From: Tom Peters (thopeter) Date: Tue, 17 Apr 2018 19:41:05 +0000 (-0400) Subject: Merge pull request #1193 in SNORT/snort3 from nhttp101 to master X-Git-Tag: 3.0.0-245~41 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4d19abcd2ee92080ca74f8ea6faecb7a5d3fe0e9;p=thirdparty%2Fsnort3.git Merge pull request #1193 in SNORT/snort3 from nhttp101 to master Squashed commit of the following: commit 1e832db96b33cdc4cfe07c608faef6363262c590 Author: Tom Peters Date: Tue Apr 17 14:04:48 2018 -0400 http_inspect: broken chunk performance improvement --- diff --git a/src/service_inspectors/http_inspect/http_cutter.cc b/src/service_inspectors/http_inspect/http_cutter.cc index 78a31a5ba..7eace0b28 100644 --- a/src/service_inspectors/http_inspect/http_cutter.cc +++ b/src/service_inspectors/http_inspect/http_cutter.cc @@ -546,7 +546,12 @@ ScanResult HttpBodyChunkCutter::cut(const uint8_t* buffer, uint32_t length, // If we are skipping to the trailers and next message the broken chunk thwarts us if (discard_mode) { - return SCAN_ABORT; + // FIXIT-P Need StreamSplitter::END + // With the broken chunk this will run to connection close so we should just stop + // processing this flow. But there is no way to ask stream to do that so we must + // skip through the rest of the message ourselves. + num_flush = length; + return SCAN_DISCARD_PIECE; } uint32_t skip_amount = length-k; skip_amount = (skip_amount <= flow_target-data_seen) ? skip_amount :
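Review bot: In the `if (discard_mode)` branch of `HttpBodyChunkCutter::cut`, the new comment says why the rest of the message has to be skipped by hand but not why `return SCAN_ABORT;` was unsuitable here. That is the actual subject of a commit titled "broken chunk performance improvement". Please add a sentence to the comment stating what the abort cost and what `SCAN_DISCARD_PIECE` avoids, so the FIXIT-P can be resolved correctly once `StreamSplitter::END` exists. Two further points on the same lines. First, `num_flush = length;` discards the whole buffer, while the code immediately below works from the offset `k` (`length-k`). A short note that flushing from the start of the buffer is intended in discard mode would prevent a later reader from "fixing" it. Second, the comment says this will "run to connection close", which depends on every later call to `cut()` for this flow reaching this same branch. The visible lines do not show what state guarantees that, so a test that feeds several segments after a broken chunk in discard mode and checks that each one returns `SCAN_DISCARD_PIECE` with `num_flush == length` would pin the behaviour down.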